Skip Menu |
 

Subject: memory leak in mk_req_extended() due to an overwrite of the auth context keyblock
Cc: hartmans@mit.edu
Download (untitled) / with headers
text/plain 1.2KiB
Here is the valgrind output:

==28256== 16 bytes in 1 blocks are definitely lost in loss record 3 of 19
==28256== at 0x1B902A90: malloc (vg_replace_malloc.c:131)
==28256== by 0x13C9F8: krb5_copy_keyblock (in /usr/lib/libkrb5.so.3.2)
==28256== by 0x13975C: krb5_auth_con_setuseruserkey (in
/usr/lib/libkrb5.so.3.2)

If you call krb5_auth_con_setuseruserkey() and then later call
krb5_mk_req_extended() it will overwrite the user key w/o freeing the
prior. See line 142 of mk_req_ext.c and you'll notice that it does a
copy_keyblock over the key I set with setuseruserkey() without doing an
if( auth_ctx->keyblock ) krb_free_keyblock( auth_ctx->keyblock) first.

The work around I have right now, although poor, is to expose struct
_krb5_auth_context into my application space (taken from a krblib source
file) and call krb5_free_keybock( ctx, authCtx->keyblock) before calling
krb5_mk_req_extended()

I believe that any calls that allocate a keyblock for auth_context will
end up leaking if the user calls krb5_mk_req_extended(), but in my
particular case I had called krb5_auth_con_setuseruserkey() to make it
happen.


(BTW: I send a bug with the krb5-send-pr utility but I may have done it
wrong or something, because its been a day and I've not seen it show up
in my mail.)
Subject: missing bug report
[guest - Fri Sep 24 10:37:39 2004]:

Show quoted text
> (BTW: I send a bug with the krb5-send-pr utility but I may have done it
> wrong or something, because its been a day and I've not seen it show up
> in my mail.)

I don't think it has shown up yet. Do your outbound mail logs show it being sent? You could
file the bug via the web interface; I'll just merge them if there ends up being duplication.
Date: Fri, 24 Sep 2004 13:05:34 -0400
From: Derrick Schommer <schommer@gmail.com>
To: rt-comment@krbdev.mit.edu, rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2725] missing bug report
RT-Send-Cc:
I posted it in the web interface. Unfortunately I don't control the
outbound e-mail so I'm not sure if it was reject or not. Probably
was.


On Fri, 24 Sep 2004 12:04:34 -0400 (EDT), Tom Yu via RT
<rt-comment@krbdev.mit.edu> wrote:
Show quoted text
> [guest - Fri Sep 24 10:37:39 2004]:
>
> > (BTW: I send a bug with the krb5-send-pr utility but I may have done it
> > wrong or something, because its been a day and I've not seen it show up
> > in my mail.)
>
> I don't think it has shown up yet. Do your outbound mail logs show it being sent? You could
> file the bug via the web interface; I'll just merge them if there ends up being duplication.
>
Date: Fri, 24 Sep 2004 13:05:34 -0400
From: Derrick Schommer <schommer@gmail.com>
To: rt-comment@krbdev.mit.edu, rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2725] missing bug report
RT-Send-Cc:
I posted it in the web interface. Unfortunately I don't control the
outbound e-mail so I'm not sure if it was reject or not. Probably
was.


On Fri, 24 Sep 2004 12:04:34 -0400 (EDT), Tom Yu via RT
<rt-comment@krbdev.mit.edu> wrote:
Show quoted text
> [guest - Fri Sep 24 10:37:39 2004]:
>
> > (BTW: I send a bug with the krb5-send-pr utility but I may have done it
> > wrong or something, because its been a day and I've not seen it show up
> > in my mail.)
>
> I don't think it has shown up yet. Do your outbound mail logs show it being sent? You could
> file the bug via the web interface; I'll just merge them if there ends up being duplication.
>
From: tlyu@mit.edu
Subject: CVS Commit
* mk_req_ext.c (krb5_mk_req_extended): Free keyblock before
copying new one in.


To generate a diff of this commit:



cvs diff -r5.454 -r5.455 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.76 -r5.77 krb5/src/lib/krb5/krb/mk_req_ext.c